O365 Phishing Campaign Leveraged Legit Domains
A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.
A phishing campaign aimed at Office 365 users took advantage of a legitimate Adobe marketing redirect mechanism, website script injection, and legitimate domains owned by Samsung, Adobe, and Oxford University to convince victims to hand over the credentials to their Office 365 accounts.
According to researchers at Check Point, the attackers used Oxford University's email servers to launch reputable-looking phishing messages containing content about an unheard voicemail message. A click on the link sent victims to a Samsung server, where the link then redirected to the malicious lookalike site that harvested the Office 365 credentials.
Ultimately, victims landed on one of a series of compromised WordPress websites with a separate subdirectory for each victim leading to unique URLs. The campaign, which has ended, constantly evolved in the way it used the techniques to evade email and web filter security measures.
Read more here.
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024